RE: Any known issues

From: Faiz Ahmad Shuja (faiz_at_cyber.net.pk)
Date: 01/31/04

    To: <ravivsn@roc.co.in>
    Date: Sat, 31 Jan 2004 22:20:13 +0500
    
    

    There is no issue in running both of them on the same box. Since honeyd
    is a low-interaction honeypot, there is only a rare chance that an
    attacker would have control over the OS. But make sure your OS is hardened.

    Regards,
    Faiz

    -----Original Message-----
    From: ravivsn@roc.co.in [mailto:ravivsn@roc.co.in]
    Sent: Friday, January 30, 2004 11:13 PM
    To: res0qh1m@verizon.net
    Cc: focus-ids@securityfocus.com
    Subject: Re: Any known issues

    Hmm, feel I should provide more info.

      I have a set-up in which I was running Nessus in the external network
    and snort + honeyD on an internal machine, between which I have a box to
    be evaluated. It's not like I should run both of them on the same machine.
    But I wanted to know of any known issues in doing so.

    Thanks,
    -Ravi

    > Just an observation, why would you want to put your IDS on the same
    > box as the target? Seems that if you weren't pressed for resources,
    > you'd grab a LINUX low end box and run SNORT on it. Just put it
    > between your DMZ and the Honeypot.
    >>
    >> From: Ravi <ravivsn@roc.co.in>
    >> Date: 2004/01/30 Fri AM 12:57:12 CST
    >> To: focus-ids@securityfocus.com
    >> Subject: Any known issues
    >>
    >> Hi All,
    >> Just curious to know whether there are any known issues in running
    >> honeyD and Snort on the same machine,
    >> like performance issues, increase in packet drops, etc.
    >>
    >> Thanks in advance,
    >> -Ravi
    >> http://www.roc.co.in
    >>
    >> Note: Thanks J for the info,
    >> Sorry, this is the first time I posted addressing multiple lists in
    >> one mail.
    >>
    >>
    
